|
一个自签名的内部网站当ff访问时出现以下错误 SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) 服务器使用的是tomcat, 解决办法, 修改tomcat/conf/server.xml, 更改配置, 增加sslEnabledProtocols和ciphers
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="9443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https"
secure="true" SSLEnabled="true"
keystoreFile="/home/tomc/apache-tomcat-7.0.33/conf/server.keystore"
keystorePass="111111"
clientAuth="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
URIEncoding="UTF-8"/>
(责任编辑:IT) |